Latest
SSLHandshakeException or ClassCastException when using an HSM and Java 11 with ForgeRock products
The purpose of this article is to provide assistance if you encounter an SSLHandshakeException or ClassCastException when using a Hardware Security Module (HSM) via the PKCS11 module with Java® 11 (11.0.1 to 11.0.5). This issue affects all ForgeRock products that are compatible with Java 11 (versions 6.5 and later of AM, DS, IDM and IG).
401 Unauthorized error when building ForgeRock Identity Platform from source
The purpose of this article is to provide assistance if building AM, DS, IDM or IG from source fails with a "401 Unauthorized" error stating authentication failed or a "Not Authorized" error. This issue will occur when accessing artifacts in the Maven repositories and will refer to a non-resolvable POM. If you download binaries using a curl command, you will see a 403 "Props Authentication Token not found" response instead.
Do ForgeRock products work with Microsoft Azure?
Microsoft Azure is Microsoft's cloud platform, which provides a range of cloud-based products and services. ForgeRock products work well with many Azure services.
FAQ: IG in Standalone Mode
The purpose of this FAQ is to provide answers to commonly asked questions regarding IG in standalone mode. This is a non-Web container dependent release of IG, which is delivered as a standalone Java® executable.
Log4j Security Advisory #202111
The purpose of this advisory is to provide information on whether ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are vulnerable to recent Log4j 2 vulnerabilities: RCE (Remote Code Execution) CVE-2021-44228, DoS (Denial of Service) CVE-2021-45046, DoS CVE-2021-45105 and ACE (Arbitrary Code Execution) CVE-2021-44832. These vulnerabilities allow an attacker to remotely execute code in certain circumstances.
How do I connect to IDM (All versions) with mutual SSL authentication from IG (All versions)?
The purpose of this article is to provide information on connecting to IDM with mutual SSL authentication from IG using the client certificate module (CLIENT_CERT).
Spring Framework Security Advisory #202203
The purpose of this advisory is to inform our customers that, based on current information, ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are NOT vulnerable to the Spring Framework vulnerabilities: Data Binding Rules CVE-2022-22968, RCE (Remote Code Execution) CVE-2022-22965 (Spring4shell), RCE CVE-2022-22963 and DoS (Denial of Service) CVE-2022-22950.
Does the ForgeRock solution offer single and same sign-on (SSO) capabilities?
The ForgeRock solution includes a wide range of integration patterns and platform components that enable single and same sign-on (SSO) for both modern and legacy applications.
Agent and IG session numbers keep growing in the CTS store in AM (All versions)
The purpose of this article is to provide assistance if you see increasing Agent and IG session numbers in the Core Token Service (CTS) store, where the sessions have an expiration date of 42 years.
Where can I find useful logs for troubleshooting ForgeRock products?
The purpose of this article is to provide information on finding logs across ForgeRock products (AM, DS, IDM and IG) for troubleshooting purposes. This article shows default log locations, although most of them can be changed.
Books
Security Advisories
This book provides security advisories for ForgeRock products (AM, DS, IDM and IG).
Product Q&As - ForgeRock Identity Platform
This book provides answers to questions when evaluating the ForgeRock Identity Platform and its components (AM, DS, IDM and IG). It assumes that the platform is deployed on-premises or in a private or public cloud rather than ForgeRock-hosted in Identity Cloud.
Platform compatibility
This book provides information on compatibility for the ForgeRock products (AM, DS, IDM and IG).
Performance tuning and monitoring ForgeRock products
This book provides information on performance tuning and monitoring ForgeRock products (AM, DS, IDM and IG).
SAML federation in IG
This book provides information on SAML federation in IG and includes help on configuring federation and debug logging.
Troubleshooting IG
This book provides information on troubleshooting various issues in IG including collecting useful troubleshooting information such as logs, heap dumps and stack traces.
Installing and configuring IG
This book provides information on installing and configuring IG including frequently asked questions.
Security Advisories
Log4j Security Advisory #202111
The purpose of this advisory is to provide information on whether ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are vulnerable to recent Log4j 2 vulnerabilities: RCE (Remote Code Execution) CVE-2021-44228, DoS (Denial of Service) CVE-2021-45046, DoS CVE-2021-45105 and ACE (Arbitrary Code Execution) CVE-2021-44832. These vulnerabilities allow an attacker to remotely execute code in certain circumstances.
Spring Framework Security Advisory #202203
The purpose of this advisory is to inform our customers that, based on current information, ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are NOT vulnerable to the Spring Framework vulnerabilities: Data Binding Rules CVE-2022-22968, RCE (Remote Code Execution) CVE-2022-22965 (Spring4shell), RCE CVE-2022-22963 and DoS (Denial of Service) CVE-2022-22950.
Java JDK Security Advisory #202109
ForgeRock are aware of a serious vulnerability in the implementation of certain cryptographic operations in Java® JDK versions 15 and later: CVE-2022-21449. This vulnerability affects Oracle® Java and OpenJDK, including other JDKs derived from OpenJDK. You should follow the advice in this advisory to secure your deployments at the earliest opportunity.